216.73.217.50

CVE-2024-45411

· Published 09/09/2024 19:15 · Modified 19/09/2024 14:31

Labels: CVE-2024-45411 2024-09-09CVE-2024-45411CWE-693NVD-CWE-Other[email protected]

Essential information

Published
09/09/2024 19:15
Modified
19/09/2024 14:31
Author
Creator
CVSS
8.6 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CVSS metrics

Description

Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
symfony / twig cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*
symfony / twig cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*
symfony / twig cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*

References